XFRM proc - /proc/net/xfrm_* files

Masahide NAKAMURA <nakam@linux-ipv6.org>

Transformation Statistics

The xfrm_proc code provides a set of statistics showing the number of packets dropped by the transformation code and why. These counters are defined as part of the Linux private MIB and can be viewed in /proc/net/xfrm_stat.

Inbound errors

XfrmInError:

All errors which are not matched by other counters

XfrmInBufferError:

No buffer is left

XfrmInHdrError:

Header error

XfrmInNoStates:

No state is found, i.e. either the inbound SPI, address, or IPsec protocol at the SA is wrong

XfrmInStateProtoError:

Transformation protocol specific error, e.g. the SA key is wrong

XfrmInStateModeError:

Transformation mode specific error

XfrmInStateSeqError:

Sequence error, i.e. the sequence number is out of window

XfrmInStateExpired:

State is expired

XfrmInStateMismatch:

State has a mismatched option, e.g. the UDP encapsulation type is mismatched

XfrmInStateInvalid:

State is invalid

XfrmInTmplMismatch:

No matching template for states, e.g. the inbound SAs are correct but the SP rule is wrong

XfrmInNoPols:

No policy is found for states, e.g. the inbound SAs are correct but no SP is found

XfrmInPolBlock:

Policy discards

XfrmInPolError:

Policy error

XfrmAcquireError:

State hasn’t been fully acquired before use

XfrmFwdHdrError:

Forward routing of a packet is not allowed

Outbound errors

XfrmOutError:

All errors which are not matched by other counters

XfrmOutBundleGenError:

Bundle generation error

XfrmOutBundleCheckError:

Bundle check error

XfrmOutNoStates:

No state is found

XfrmOutStateProtoError:

Transformation protocol specific error

XfrmOutStateModeError:

Transformation mode specific error

XfrmOutStateSeqError:

Sequence error, i.e. sequence number overflow

XfrmOutStateExpired:

State is expired

XfrmOutPolBlock:

Policy discards

XfrmOutPolDead:

Policy is dead

XfrmOutPolError:

Policy error

XfrmOutStateInvalid:

State is invalid, perhaps expired
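
Example (added here, not part of the kernel documentation or source): a small Python helper that diffs two snapshots of /proc/net/xfrm_stat and reports which drop counters grew, with the meaning from the lists above. It assumes each line holds a counter name followed by whitespace and its value; the snapshots and the function names are constructed for illustration.

```python
# Added example: diff two /proc/net/xfrm_stat snapshots and explain what grew.
# Assumed line format: "<CounterName><whitespace><value>", one counter per line.

# Meanings taken from the counter list in this document (subset).
MEANING = {
    "XfrmInNoStates": "no state found: inbound SPI, address or IPsec protocol at SA is wrong",
    "XfrmInStateProtoError": "transformation protocol specific error, e.g. SA key is wrong",
    "XfrmInStateSeqError": "sequence number is out of window",
    "XfrmInTmplMismatch": "no matching template: SAs correct but SP rule is wrong",
    "XfrmInNoPols": "no policy found for states",
    "XfrmOutNoStates": "no state found",
    "XfrmOutStateSeqError": "sequence number overflow",
}

def parse_xfrm_stat(text):
    """Return {counter_name: int}; malformed lines are skipped."""
    counters = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0].startswith("Xfrm") and fields[1].isdigit():
            counters[fields[0]] = int(fields[1])
    return counters

def grown(before, after):
    """Return {name: (delta, meaning)} for every counter that increased.

    A counter lower than before (e.g. after a reboot) is ignored, not
    reported as a negative drop count.
    """
    report = {}
    for name, value in after.items():
        delta = value - before.get(name, 0)
        if delta > 0:
            report[name] = (delta, MEANING.get(name, "see the counter list"))
    return report

# Constructed snapshots (not real captures), trimmed to a few counters.
SNAP_T0 = ("XfrmInError             \t0\nXfrmInNoStates          \t4\n"
           "XfrmInStateSeqError     \t0\nXfrmOutNoStates         \t7\n")
SNAP_T1 = ("XfrmInError             \t0\nXfrmInNoStates          \t7\n"
           "XfrmInStateSeqError     \t12\nXfrmOutNoStates         \t7\n")

if __name__ == "__main__":
    changes = grown(parse_xfrm_stat(SNAP_T0), parse_xfrm_stat(SNAP_T1))
    for name, (delta, why) in sorted(changes.items()):
        print(f"{name:<24} +{delta:<6} {why}")
```

On a live host, pass the contents of /proc/net/xfrm_stat read at two points in time instead of the constructed snapshots.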